2) His credentials that he entered are passed on to ADFS to remember then automatically authenticated to multiple different applications on the same domain after logging in to the Pulse successfully. That way, Jon doesn't need to login to any domain.com applications once he is logged into the Pulse.
If you ever experience anything like that, can you please share how you do it with the Pulse and ADFS?
Are you using SAML auth for the initial login so that the SAML token/validation can happen? If not, I believe that it is not possible for the domain credentials to be stored by the ADFS server (or validate the user) and you will need to configure traditional SSO policies or have the user login to each application as-needed